The Domain Name Commission and cyber security bureau CERT NZ have agreed to share some domain registration information to help enhance cyber security.
The two organisations inked a Memorandum of Understanding (MoU), under which CERT NZ will use its access to international cyber threat and vulnerability information together with withheld domain name registration information to alert .nz domain owners to cyber security issues, said Brent Carey, domain name commissioner.
Access to Domain registration information has been disrupted by new European General Data Protection Regulations (GDPR).
That has resulted in new processes and guidance on privacy and domain name data.
The new MoU sets out how CERT NZ will be able to access withheld domain name registration information from the Domain Name Commission when cyber security threats are identified.
“Where individuals have validly chosen our privacy option, it’s paramount we protect their privacy," said Carey. "Security of our domain name space critical infrastructure is equally as important.
"Putting this agreement in place means that we can protect that privacy while also giving CERT NZ access to some information that they need to help keep New Zealand safe."
As part of the agreement, the Domain Name Commission will share regular transparency reporting which will include high-level information on the withheld data accessed by CERT NZ.
“Cyber security has to be a team sport,” said Rob Pope, director of CERT NZ. “We use our privileged access to information, such as the information we’ll be able to access under this new Memorandum of Understanding to help keep New Zealanders safe online.
“When we’re alerted to issues that may affect New Zealand domain owners, this agreement means we can access the right information at the right time.”
The Memorandum of Understanding is in place from June 2018, and is available on the Domain Name Commission website.